
Google and Amnesty International Teamed up to Make It Harder for Spyware Vendors to Hide
Why It Matters
By providing persistent, consent‑based forensic data, the feature strengthens defenders’ ability to detect and attribute state‑level spyware, raising the cost for attackers and supporting accountability for human‑rights violations. It also signals a shift toward greater industry responsibility in protecting high‑risk users like journalists and activists.
Key Takeaways
- Google rolls out Intrusion Logging on Pixel devices running Android 16
- Feature records unlocks, physical access, spyware install/removal for forensics
- Amnesty says it gives investigators evidence against advanced spyware attacks
- Logs require Advanced Protection Mode and may contain sensitive user data
- Attackers could delete logs, but future updates aim to prevent this
Pulse Analysis
The rise of commercial spyware targeting journalists, activists, and high‑profile individuals has exposed a glaring gap in mobile security: the lack of reliable, device‑level evidence for investigators. Google’s Intrusion Logging directly addresses this void by embedding a persistent, privacy‑preserving log within Android’s Advanced Protection ecosystem. Developed alongside Amnesty International’s Security Lab, the feature captures granular events—device unlocks, physical access attempts, and the installation or removal of suspicious code—creating a forensic trail that was previously unavailable on mainstream smartphones. This collaboration underscores a growing trend where tech giants partner with civil‑society groups to co‑design security tools that serve both user privacy and investigative needs.
Technically, Intrusion Logging is gated behind Android 16 and the Advanced Protection Mode, limiting its current rollout to Pixel devices linked to a Google account. While the logs provide valuable insight, they also contain potentially sensitive data such as browsing history, prompting Google to stress secure sharing protocols. Critics note that sophisticated attackers could attempt to erase these logs, but Google has indicated that future updates will harden log integrity. The balance between forensic utility and user privacy remains delicate, and the feature’s success will hinge on transparent handling of the data it collects.
Industry‑wide, Google’s move joins Apple’s Lockdown Mode and WhatsApp’s strict account settings as part of a broader defensive arsenal against state‑sponsored surveillance tools. By setting a precedent for vendor‑level forensic capabilities, Google pressures competitors to adopt similar measures, potentially raising the baseline security for high‑risk users globally. For enterprises and NGOs, the availability of reliable intrusion evidence could streamline incident response, reduce legal exposure, and reinforce compliance with data‑protection regulations. As the ecosystem evolves, the interplay between advanced forensics and privacy safeguards will shape the next chapter of mobile security.